LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Authentication-Gateway-HOWTO/setup.html

1132 lines
22 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Setting up the Gateway Services</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Authentication Gateway HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="What is needed"
HREF="services.html"><LINK
REL="NEXT"
TITLE="Using the authentication gateway"
HREF="usage.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Authentication Gateway HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="services.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="usage.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="SETUP"
></A
>3. Setting up the Gateway Services</H1
><P
>
This section describes how to setup each piece of the
authentication gateway. The examples used are for a public network
in the 10.0.1.0 subnet. eth0 is the interface on the box that is
connected to the internal network. eth1 is the interface connected
to the public network. The IP address used for this interface is
10.0.1.1. These settings can be changed to fit the network you are
using. Red Hat 7.1 was used for the gateway box, so a lot of the
examples are specific to Red Hat.
</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="NETFILTERSETUP"
></A
>3.1. Netfilter Setup</H2
><P
>&#13; To setup netfilter the kernel must be recompiled to include
netfilter support. Please see the <A
HREF="http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html"
TARGET="_top"
>Kernel-HOWTO</A
>
for more information on configuring and compiling your kernel.
</P
><P
> This is what my kernel configuration looked like.
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> #
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK is not set
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_INET_ECN is not set
# CONFIG_SYN_COOKIES is not set
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_UNCLEAN=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_MIRROR=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> Once netfilter has been configured, turn on IP forwarding by
executing this command.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> echo 1 &#62; /proc/sys/net/ipv4/ip_forward
</PRE
></FONT
></TD
></TR
></TABLE
><P
> To make sure ip forwarding is enabled when the machine restarts
add the following line to <TT
CLASS="FILENAME"
>/etc/sysctl.conf</TT
>.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> net.ipv4.ip_forward = 1
</PRE
></FONT
></TD
></TR
></TABLE
><P
>
If NocatAuth is being used, you can skip to the <A
HREF="setup.html#NOCATGATEWAYSETUP"
>NoCatAuth gateway setup</A
> section.
</P
><P
>
iptables needs to be installed. To install iptables either use a
package from your distribution or install from source. Once the
above options were compiled in the new kernel and iptables was
installed, I set the following default firewall rules.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth0 -m state --state NEW, INVALID -j DROP
iptables -A FORWARD -i eth0 -m state --state NEW, INVALID -j DROP
iptables -I FORWARD -o eth0 -j DROP
iptables -I FORWARD -s 10.0.1.0/24 -d 10.0.1.1 -j ACCEPT
</PRE
></FONT
></TD
></TR
></TABLE
><P
>&#13; The above commands can also be put in an initscript to start up
when the server restarts. To make sure the rules have been added
issue the following commands:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> iptables -v -t nat -L
iptables -v -t filter -L
</PRE
></FONT
></TD
></TR
></TABLE
><P
> To save these rules I used Red Hat's init scripts.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> /etc/init.d/iptables save
/etc/init.d/iptables restart
</PRE
></FONT
></TD
></TR
></TABLE
><P
>
Now the gateway box will be able to do network address translation
(NAT), but it will drop all forwarding packets except those coming
from within the public network and bound for the gateway.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="DYNAMICNETFILTER"
></A
>3.2. Dynamic Netfilter rules.</H2
><P
>
This section describes how to setup the software needed to
dynamically insert and remove Netfilter rules on the gateway.
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="PAMIPTABLESSETUP"
></A
>3.2.1. PAM iptables Module</H3
><P
> The PAM session module that inserts the firewall rules is
needed to allow forwarding for the authenticated client. To set it
up simply get the <A
HREF="ftp://ftp.itlab.musc.edu/pub/pam_iptables.tar.gz"
TARGET="_top"
>source</A
>
and compile it by running the following commands.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> gcc -fPIC -c pam_iptables.c
ld -x --shared -o pam_iptables.so pam_iptables.o
</PRE
></FONT
></TD
></TR
></TABLE
><P
> You should now have two binaries called
<TT
CLASS="FILENAME"
>pam_iptables.so</TT
> and <TT
CLASS="FILENAME"
>pam_iptables.o</TT
>.
Copy <TT
CLASS="FILENAME"
>pam_iptables.so</TT
> to
<TT
CLASS="FILENAME"
>/lib/security/pam_iptables.so</TT
>.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> cp pam_iptables.so /lib/security/pam_iptables.so
</PRE
></FONT
></TD
></TR
></TABLE
><P
> Now install the firewall script to /usr/local/auth-gw.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> mkdir /usr/local/auth-gw
cp insFwall /usr/local/auth-gw
</PRE
></FONT
></TD
></TR
></TABLE
><P
> The chosen authentication client for the gateway was ssh so we added the
following line to <TT
CLASS="FILENAME"
>/etc/pam.d/sshd</TT
>.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> session required /lib/security/pam_iptables.so
</PRE
></FONT
></TD
></TR
></TABLE
><P
> Now, when a user logs in with ssh, the firewall rule will be added.
</P
><P
> To test if the pam_iptables module is working perform the following
steps:
</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Log into the box with ssh.</P
></LI
><LI
><P
>Check to see if the rule was added with the command
<B
CLASS="COMMAND"
>iptables -L -v</B
>.</P
></LI
><LI
><P
>Log out of the box to make sure the rule is removed.</P
></LI
></OL
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="NOCATGATEWAYSETUP"
></A
>3.2.2. NoCatAuth gateway</H3
><P
>
This section describes the process of setting up the NocatAuth
gateway. To setup NocatAuth get the <A
HREF="http://nocat.net/download/NoCatAuth/"
TARGET="_top"
>source</A
> and
install with the following steps.
</P
><P
>
Make sure gpgv is installed. gpgv is a PGP signature verifier.
It is part of gnupg and can be found at <A
HREF="http://www.gnupg.org/download.html"
TARGET="_top"
>http://www.gnupg.org/download.html</A
>.
</P
><P
> Unpack the NocatAuth tar file.
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> tar xvzf NocatAuth-x.xx.tar.gz
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
>
If you do not want NoCatAuth to be in the directory
/usr/local/nocat, edit the Makefile and change INST_PATH to the
directory you would like NoCatAuth to reside.
</P
><P
> Next build the gateway.
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> cd NoCatAuth-x.xx
make gateway
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
>
Edit the /usr/local/nocat.conf file. Please see the INSTALL
documentation for details on what is required in the conf
file. An example conf file looks like the following:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>
###### gateway.conf -- NoCatAuth Gateway Configuration.
#
# Format of this file is: Directive Value, one per
# line. Trailing and leading whitespace is ignored. Any
# line beginning with a punctuation character is assumed to
# be a comment.
Verbosity 10
#we are behind a NAT so put the gateway in passive mode
GatewayMode Passive
GatewayLog /usr/local/nocat/nocat.log
LoginTimeout 300
######Open Portal settings.
HomePage http://www.itlab.musc.edu/
DocumentRoot /usr/local/nocat/htdocs
SplashForm splash.html
###### Active/Passive Portal settings.
TrustedGroups Any
AuthServiceAddr egon.itlab.musc.edu
AuthServiceURL https://$AuthServiceAddr/cgi-bin/login
LogoutURL https://$AuthServiceAddr/forms/logout.html
###### Other Common Gateway Options.
AllowedWebHosts egon.itlab.musc.edu
ResetCmd initialize.fw
PermitCmd access.fw permit $MAC $IP $Class
DenyCmd access.fw deny $MAC $IP $Class
</PRE
></FONT
></TD
></TR
></TABLE
><P
>
Now you should be able to start the gateway. If any problems
occur, please see the INSTALL documentation in the unpacked
NoCatAuth directory. The following command will start the
gateway:
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> /usr/local/nocat/bin/gateway
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="DHCPDSETUP"
></A
>3.3. DHCP Server Setup</H2
><P
>I installed DHCP using the following
<TT
CLASS="FILENAME"
>dhcpd.conf</TT
> file.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> subnet 10.0.1.0 netmask 255.255.255.0 {
# --- default gateway
option routers 10.0.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.1.255;
option domain-name-servers 10.0.1.1;
range 10.0.1.3 10.0.1.254;
option time-offset -5; # Eastern Standard Time
default-lease-time 21600;
max-lease-time 43200;
}
</PRE
></FONT
></TD
></TR
></TABLE
><P
>&#13; The server was then run using eth1 , the interface to the public
net.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> /usr/sbin/dhcpd eth1
</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AUTHENTICATIONSETUP"
></A
>3.4. Authentication Method Setup</H2
><P
>
Authentication with PAM and a NoCatAuth authentication service is
described. Both examples are done with LDAP. Other means of
authentication besides LDAP can be used. Please read the
documentation for PAM and NoCatAuth to find the steps to use
another authentication source.
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="PAMLDAP"
></A
>3.4.1. PAM LDAP</H3
><P
>&#13; As indicated in previous sections, I've set this gateway up to use
LDAP for authenticating. However, you can use any means that PAM
allows for authentication. See <A
HREF="services.html#AUTHENTICATION"
>Section 2.4</A
> for
more information.
</P
><P
>
In order to get PAM LDAP to authenticate, I installed <A
HREF="http://www.openldap.org"
TARGET="_top"
>OpenLDAP</A
> and configured it
with the following in <TT
CLASS="FILENAME"
>/etc/ldap.conf</TT
>.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> # Your LDAP server. Must be resolvable without using LDAP.
host itc.musc.edu
# The distinguished name of the search base.
base dc=musc,dc=edu
ssl no
</PRE
></FONT
></TD
></TR
></TABLE
><P
>
The following files were used to configure PAM to do the LDAP
authentication. These files were generated by Red Hat's
configuration utility.
</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="FILENAME"
>/etc/pam.d/system-auth</TT
> was created and looked
like this.</DT
><DD
><P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> #%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
></DD
><DT
>Then the following
<TT
CLASS="FILENAME"
>/etc/pam.d/sshd</TT
> file was created.</DT
><DD
><P
> <TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> #%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
#this line is added for firewall rule insertion upon login
session required /lib/security/pam_iptables.so debug
session optional /lib/security/pam_console.so
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="NOCATAUTHSERVICE"
></A
>3.4.2. NoCatAuth Service</H3
><P
>
It is recommended to install the NoCatAuth Service on another
server besides the gateway. A seperate server was used in my
examples. In order to setup a NoCatAuth Service, you will need
the following software:
</P
><P
></P
><OL
TYPE="1"
><LI
><P
>
An SSL enabled webserver, preferably with a registered SSL cert.
I used Apache + mod_ssl.
</P
></LI
><LI
><P
> Perl 5 (5.6 or better recommended)
</P
></LI
><LI
><P
>
Net::LDAP, Digest::MD5, DBI, and DBD::MySQL perl modules (get them
from CPAN) The module you need depends on what authentication
source you are going to use. In my example Net::LDAP is used as
the authentication means.
</P
></LI
><LI
><P
> Gnu Privacy Guard (gnupg 1.0.6 or better), available at
http://www.gnupg.org/download.html
</P
></LI
></OL
><P
> To install unpack the tar file.
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> $ tar zvxf NoCatAuth-x.xx.tar.gz
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> If you would like to change the path that NoCatAuth resides , edit the
Makefile and change INST_PATH to the desired directory.
</P
><P
> Next run the command:
<B
CLASS="COMMAND"
> make authserv </B
>
This installs everything in /usr/local/nocat or what you changed INST_PATH
to.
</P
><P
> Then run <B
CLASS="COMMAND"
> make pgpkey </B
>
The defaults should be fine for most purposes.
IMPORTANT: do NOT enter a passphrase! Otherwise, you will get strange
messages when the auth service attempts to encrypt messages, and tries to
read your passphrase from a non-existent tty
</P
><P
> Edit /usr/local/nocat/nocat.conf to fit your situation.
Here is an example:
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> ###### authserv.conf -- NoCatAuth Authentication Service Configuration.
#
# Format of this file is: Directive Value, one per
# line. Trailing and leading whitespace is ignored. Any
# line beginning with a punctuation character is assumed to
# be a comment.
Verbosity 10
HomePage http://www.itlab.musc.edu/
DocumentRoot /usr/local/nocat/htdocs
# LDAP source
DataSource LDAP
LDAPHost authldap.musc.edu
LDAPBase dc=musc,dc=edu
UserTable Member
UserIDField User
UserPasswdField Pass
UserAuthField Status
UserStampField Created
GroupTable Network
GroupIDField Network
GroupAdminField Admin
MinPasswdLength 8
# LocalGateway -- If you run auth service on the same subnet
# (or host) as the gateway you need to specify the hostname
# of the gateway. Otherwise omit it. (Requires Net::Netmask)
#
# LocalGateway 192.168.1.7
LoginForm login.html
LoginOKForm login_ok.html
FatalForm fatal.html
ExpiredForm expired.html
RenewForm renew.html
PassiveRenewForm renew_pasv.html
RegisterForm register.html
RegisterOKForm register_ok.html
RegisterFields Name URL Description
UpdateForm update.html
UpdateFields URL Description
###### Auth service user messages. Should be self-explanatory.
#
LoginGreeting Greetings! Welcome to the Medical University of SC's Network.
LoginMissing Please fill in all fields!
LoginBadUser That e-mail address is unknown. Please try again.
LoginBadPass That e-mail and password do not match. Please try again.
LoginBadStatus Sorry, you are not a registered co-op member.
RegisterGreeting Welcome! Please enter the following information to register.RegisterMissing Name, E-mail, and password fields must be filled in.
RegisterUserExists Sorry, that e-mail address is already taken. Are you already registered?
RegisterBadUser The e-mail address provided appears to be invalid. Did you spell it correctly?
RegisterInvalidPass All passwords must be at least six characters long.
RegisterPassNoMatch The passwords you provided do not match. Please try again.
RegisterSuccess Congratulations, you have successfully registered.
UpdateGreeting Enter your E-mail and password to update your info.
UpdateBadUser That e-mail address is unknown. Please try again.
UpdateBadPass That e-mail and password do not match. Please try again.
UpdateInvalidPass New passwords must be at least eight characters long.
UpdatePassNoMatch The new passwords you provided do not match. Please try again.
UpdateSuccess Congratulations, you have successfully updated your account.
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> Make sure /usr/local/nocat/pgp is owned by the web server user. (ie..nobody or www-data)
</P
><P
> Add etc/authserv.conf to your apache httpd.conf file.
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> Include /usr/local/nocat/etc/authserv.conf </PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
>&#13; Copy your /usr/local/nocat/trustedkeys.pgp to the gateway.
Restart apache and try it out. Please see the NoCatAuth
documentation for more information. It can be found in docs/ in
the unpacked NoCatAuth directory.
</P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="DNSSETUP"
></A
>3.5. DNS Setup</H2
><P
>&#13; I installed the default version of Bind that comes with Red Hat
7.1, and the caching-nameserver RPM. The DHCP server tells the
machines on the public net to use the gateway box as their
nameserver.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="services.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="usage.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>What is needed</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Using the authentication gateway</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink